Using refresh token to get new access token in Node


I’m currently working on a node application using the oidc-middleware package to handle logging in, and jwt-verifier to verify claims for api calls.

Our access tokens have a life of one hour, which means users need to log in again several times during the day.
We’re able to get a refresh token from okta- in this context of Node, how do we use this refresh token to get a new access token and populate our userContext with the new value? I’m having trouble finding any steps on this, or if it’s possible using the packages as-is.


I think I’ve figured out a solution, if anyone stumbles on this.

 app.use(async function (req, res, next) {
    let userContext = req["userContext"];
    if (!userContext) {

    let tokens = userContext["tokens"];
    if (!tokens) {

    if (req["userContext"]["tokens"]["expires_at"] > / 1000) {

    let oktaClientId = "cliend id";
    let oktaClientSecret = "client secret";

    let options = {
        method: "POST",
        host: "host",
        path: "/oauth2/default/v1/token?grant_type=refresh_token&redirect_uri=http://localhost:1337&scope=offline_access%20openid&refresh_token=" + tokens["refresh_token"],
        headers: {
            "accept": "application/json",
            "authorization": "Basic " + new Buffer(oktaClientId + ":" + oktaClientSecret).toString('base64'),
            "cache-control": "no-cache",
            "content-type": "application/x-www-form-urlencoded"

    let oktaReq = https.request(options, function (resp) {
        let data = '';
        resp.on("data", function (d) {
            data += d;

        resp.on("end", function () {
            let newTokens = JSON.parse(data);

            req["userContext"]["tokens"]["access_token"] = newTokens["access_token"];
            req["userContext"]["tokens"]["refresh_token"] = newTokens["refresh_token"];
            req["userContext"]["tokens"]["id_token"] = newTokens["id_token"];
            req["userContext"]["tokens"]["scope"] = newTokens["scope"];
            req["userContext"]["tokens"]["expires_at"] = Math.floor( / 1000) + newTokens["expires_in"];


    oktaReq.on('error', function(e) {
        console.error(`Exception while attempting to get refresh access token: ${e.message} `);


I guess my confusion was coming from the fact that I thought there was a way to do the refresh using okta’s packages, with some provided method or a config setting- or that it would detect that it was given a refresh token and take care of it itself.